Vulnerability CVE-2020-29484

Vulnerability Name:

CVE-2020-29484 (CCN-193137)

Assigned:

2020-12-15

Published:

2020-12-15

Updated:

2021-03-16

Summary:

An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering the watch. Any communication with xenstored is done via Xenstore messages, consisting of a message header and the payload. The payload length is limited to 4096 bytes. Any request to xenstored resulting in a response with a payload longer than 4096 bytes will result in an error. When registering a watch, the payload length limit applies to the combined length of the watched path and the specified tag. Because watches for a specific path are also triggered for all nodes below that path, the payload of a watch event message can be longer than the payload needed to register the watch. A malicious guest that registers a watch using a very large tag (i.e., with a registration operation payload length close to the 4096 byte limit) can cause the generation of watch events with a payload length larger than 4096 bytes, by writing to Xenstore entries below the watched path. This will result in an error condition in xenstored. This error can result in a NULL pointer dereference, leading to a crash of xenstored. A malicious guest administrator can cause xenstored to crash, leading to a denial of service. Following a xenstored crash, domains may continue to run, but management operations will be impossible. Only C xenstored is affected, oxenstored is not affected.

CVSS v3 Severity:

6.0 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

4.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
3.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-476

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-29484

Source: XF
Type: UNKNOWN
xen-cve202029484-dos(193137)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-df772b417b

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-64859a826b

Source: DEBIAN
Type: Third Party Advisory
DSA-4812

Source: CCN
Type: Xen Security Advisory XSA-324
Xenstore: guests can crash xenstored via watchs

Source: MISC
Type: Patch, Vendor Advisory
https://xenbits.xenproject.org/xsa/advisory-324.txt

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:*:*:*:*:*:*:*:* (Version <= 4.14.0)

Configuration 2:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:xensource:xen:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7831	P	xen-libs-4.17.0_06-150500.1.10 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7895	P	gnome-extensions-41.9-150400.3.8.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7945	P	libmicrohttpd-devel-0.9.57-150000.3.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:635	P	Security update for rubygem-activesupport-5_1 (Moderate) (in QA)	2022-09-29
oval:org.opensuse.security:def:3225	P	libopus0-1.1-3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3535	P	java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3192	P	libjavascriptcoregtk-3_0-0-2.4.11-23.20 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3363	P	screen-4.0.4-23.3.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94855	P	xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95168	P	apache-commons-beanutils-1.9.4-1.68 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95165	P	xen-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:336	P	xen-libs-4.14.1_16-1.6 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:388	P	xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:113591	P	xen-4.15.1_01-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:94475	P	(Important)	2022-01-11
oval:org.opensuse.security:def:5340	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:101881	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:106977	P	xen-4.15.1_01-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:96764	P	qemu-tools-3.1.0-7.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96773	P	sharutils-4.15.2-2.21 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96774	P	shim-15+git47-1.5 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:1265	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important)	2021-09-16
oval:org.opensuse.security:def:2296	P	xen-4.14.1_16-1.6 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63385	P	xen-4.14.1_16-1.6 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101411	P	xen-4.14.1_16-1.6 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101188	P	libexempi-devel-2.4.5-3.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62354	P	xen-libs-4.14.1_16-1.6 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72095	P	xen-libs-4.14.1_16-1.6 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101112	P	xen-libs-4.14.1_16-1.6 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:44024	P	Security update for xen (Important)	2021-01-07
oval:org.opensuse.security:def:39594	P	Security update for xen (Important)	2021-01-07
oval:org.opensuse.security:def:41032	P	Security update for xen (Important)	2021-01-05
oval:org.opensuse.security:def:45462	P	Security update for xen (Important)	2021-01-05
oval:org.opensuse.security:def:85566	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:31572	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:57395	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:23499	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:86036	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:32022	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:57845	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:51487	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:84088	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:86486	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:32841	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:58664	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:84543	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:31102	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:56925	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:87305	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:110928	P	Security update for xen (Moderate)	2020-12-26
oval:org.opensuse.security:def:28873	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:54696	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:75777	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:96026	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:125508	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:8537	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:69420	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:88089	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:51097	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:83170	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:108547	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:110384	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:5620	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:66709	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:33884	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:59707	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:29310	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:55133	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:81032	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:126680	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:9280	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:70174	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:88398	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:23875	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:109382	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:73574	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:117369	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:29963	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:55786	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:21359	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:82080	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:127077	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:10034	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:64452	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:102716	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:89104	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:51863	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:118478	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:69034	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:23109	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:82517	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:107854	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:33626	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:59449	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:89362	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:104085	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:73403	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:91778	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:4966	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:97395	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:104791	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:64281	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:68984	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:34338	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:60161	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:98101	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:105418	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:90430	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:25979	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:75497	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:98728	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:91136	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:66429	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:41884	P	Security update for xen (Moderate)	2020-12-16
oval:org.opensuse.security:def:46314	P	Security update for xen (Moderate)	2020-12-16

BACK